Head of Security At Web3 Investment Firm Hit Via Bitcoin Stealer


Sam Sun, the Head of Security at Web3 investment firm Paradigm, revealed via a series of tweets that he had safely made it out of an attempted attack via a Bitcoin stealer. 

Sun, also known as samczsun on Twitter, is one of the most prolific security researchers in the Ethereum space known for figuring out multiple issues in the past. 

On Tuesday, Sun confirmed in a Twitter post that someone tried to gain access to his crypto assets via a Bitcoin or crypto stealer. "Fortunately, they weren't successful, but all it would've taken was three clicks," he said.  

A crypto stealer (or Bitcoin stealer) is malware that, once run on a victim's machine, hunts for wallet files and private keys so the attacker can drain the wallets. In practice such malware is rarely limited to wallet files: the sample Sun described also harvested wallet data from browser extensions and the victim's Discord session token.

Sun explained to his followers that such attackers will "create an urgent and compelling hook" and pressure the victim into clicking a link that downloads a file to the victim's device.

He demonstrated this with an example.

Once the victim downloads this file and opens it, they're "one click away from being pwned," said Sun.

"There are two files in the archive. If you have file extensions enabled, then you'll see the first as a URL. If you don't, then you'll see the second as a PDF. Both of these are malicious, and opening either of them would give the attacker full access to your tokens," warned Sun. 

To prevent such situations, Sun asked his 86,900 followers to think before opening any shady file and never to plug in USB drives they find lying around.

"Once you run a program, it has full access to your computer, so make sure you trust and verify who the program is coming from," he explained. 

Sun added that both files attempt to steal wallet data directly, harvest wallet data from browser extensions, and steal the victim's Discord session token.
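The two-file archive Sun described relies on Windows hiding the real extension: a ".pdf" that is actually an executable, next to a .url shortcut. The script below is an added example (not code from the article or from Sun) showing how a responder can triage such an archive before anyone double-clicks it. It models Explorer's "hide extensions for known file types" behaviour in simplified form, flags entries whose visible name looks like a document while the real extension is executable, and extracts the target of any .url shortcut. The extension lists, the file names and the sample archive are constructed for illustration.

```python
"""Triage a downloaded archive for the 'two-file' lure: a shortcut plus a
document-looking file whose real extension is executable. Added example."""
import io
import zipfile
from configparser import ConfigParser

# Extensions Windows launches directly: a double-click runs attacker code.
# (Assumed list for illustration; extend it for your environment.)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".ps1", ".msi", ".hta"}
# Shortcut types: the file itself is tiny, the harm is the target it opens.
SHORTCUT_EXTS = {".url", ".lnk"}
# Document/image extensions attackers borrow as the visible "decoy" extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".png", ".jpg"}


def split_ext(name: str):
    """Return (stem, lower-cased final extension including the dot) or (name, '')."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return name, ""
    return stem, "." + ext.lower()


def displayed_name(name: str) -> str:
    """Approximate how Explorer shows a name with 'Hide extensions for known
    file types' enabled: the final registered extension is dropped (.url and
    .lnk are hidden regardless of that setting). Simplified model."""
    stem, ext = split_ext(name)
    if ext in EXECUTABLE_EXTS | SHORTCUT_EXTS | DECOY_EXTS:
        return stem
    return name


def url_target(data: bytes) -> str:
    """Extract the URL= target from an Internet Shortcut (.url) file, if any.
    The format is INI-style: [InternetShortcut] / URL=..."""
    parser = ConfigParser(interpolation=None)
    try:
        parser.read_string(data.decode("utf-8", errors="replace"))
        return parser.get("InternetShortcut", "URL", fallback="")
    except Exception:  # malformed INI: report nothing rather than crash triage
        return ""


def triage_archive(zip_bytes: bytes) -> list:
    """Flag entries that would run code when double-clicked or that masquerade
    as documents. Returns one finding per suspicious entry, sorted by name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            shown = displayed_name(name)
            _, real_ext = split_ext(name)
            _, shown_ext = split_ext(shown)
            if real_ext in SHORTCUT_EXTS:
                target = url_target(zf.read(info)) if real_ext == ".url" else ""
                findings.append({"name": name, "shown_as": shown,
                                 "reason": "shortcut opens an external target",
                                 "target": target})
            elif real_ext in EXECUTABLE_EXTS:
                reason = ("executable disguised as a document (double extension)"
                          if shown_ext in DECOY_EXTS else "executable")
                findings.append({"name": name, "shown_as": shown,
                                 "reason": reason, "target": ""})
    return sorted(findings, key=lambda f: f["name"])


def build_sample_lure() -> bytes:
    """Constructed sample (not a real malware archive) shaped like the lure:
    a .url shortcut and a 'PDF' that is really an .exe, plus a benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Term Sheet.url",
                    "[InternetShortcut]\r\nURL=http://lure.example.invalid/stealer\r\n")
        zf.writestr("Term Sheet.pdf.exe", b"MZ" + b"\x00" * 64)  # fake PE header only
        zf.writestr("README.txt", b"benign text file, should not be flagged")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_archive(build_sample_lure()):
        line = f"{f['name']!r} shown as {f['shown_as']!r}: {f['reason']}"
        if f["target"]:
            line += f" -> {f['target']}"
        print(line)
```

Run against the constructed sample, the two lure files are flagged and the benign README.txt is not. The "shown_as" field is the point: both malicious entries display as "Term Sheet" or "Term Sheet.pdf", which is exactly what makes the lure work with extensions hidden.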

